Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2025-68567

    Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Cross Site Request Forgery.This issue affects My auctions allegro: from n/a through <= 3.6.32.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 8.8

    HIGH
    CVE-2025-68569

    Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through <= 1.2.38.... Read more

    Affected Products : wp_time_slots_booking_form
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2023-54151

    In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix system crash due to lack of free space in LFS When f2fs tries to checkpoint during foreground gc in LFS mode, system crash occurs due to lack of free space if the amount of di... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Denial of Service

  • 6.1

    MEDIUM
    CVE-2025-67633

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brownbagmarketing Greenhouse Job Board greenhouse-job-board allows DOM-Based XSS.This issue affects Greenhouse Job Board: from n/a through <= 2.7.3.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 0.0

    NA
    CVE-2023-54140

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported that mark_buffer_dirty() called from __nilfs_mark_inode... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 9.1

    CRITICAL
    CVE-2025-67623

    Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery.This issue affects 6Storage Rentals: from n/a through <= 2.19.9.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Server-Side Request Forgery

  • 9.8

    CRITICAL
    CVE-2025-68537

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Path Traversal

  • 8.8

    HIGH
    CVE-2025-68522

    Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.... Read more

    Affected Products : wpstream
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 0.0

    NA
    CVE-2025-68748

    In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF race between device unplug and FW event processing The function panthor_fw_unplug() will free the FW memory sections. The problem is that there could still be pendi... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Race Condition

  • 9.1

    CRITICAL
    CVE-2025-68511

    Missing Authorization vulnerability in Jegstudio Gutenverse Form gutenverse-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse Form: from n/a through <= 2.3.1.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2019-25249

    devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root ac... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authentication

  • 0.0

    NA
    CVE-2025-68747

    In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF on kernel BO VA nodes If the MMU is down, panthor_vm_unmap_range() might return an error. We expect the page table to be updated still, and if the MMU is blocked, t... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption

  • 8.1

    HIGH
    CVE-2025-68578

    Missing Authorization vulnerability in Addonify Addonify addonify-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify: from n/a through <= 2.0.4.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 8.8

    HIGH
    CVE-2025-68577

    Missing Authorization vulnerability in Virusdie Virusdie virusdie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virusdie: from n/a through <= 1.1.6.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Authorization

  • 7.5

    HIGH
    CVE-2025-68576

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Virusdie Virusdie virusdie allows Retrieve Embedded Sensitive Data.This issue affects Virusdie: from n/a through <= 1.1.6.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Information Disclosure

  • 6.1

    MEDIUM
    CVE-2025-68574

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in voidcoders WPBakery Visual Composer WHMCS Elements void-visual-whmcs-element allows DOM-Based XSS.This issue affects WPBakery Visual Composer WHMCS Eleme... Read more

    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.8

    HIGH
    CVE-2025-68573

    Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link simple-keyword-to-link allows Cross Site Request Forgery.This issue affects Simple Keyword to Link: from n/a through <= 1.5.... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 7.5

    HIGH
    CVE-2025-67621

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a... Read more

    Affected Products :
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Information Disclosure

  • 0.0

    NA
    CVE-2023-54159

    In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu->lock before give back request, if another thread handle disconnect event ... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Race Condition

  • 0.0

    NA
    CVE-2023-54154

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix target_cmd_counter leak The target_cmd_counter struct allocated via target_alloc_cmd_counter() is never freed, resulting in leaks across various transport types,... Read more

    Affected Products : linux_kernel
    • Published: Dec. 24, 2025
    • Modified: Dec. 29, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4612 Results